Hi Fellow Moderators! Welcome to our newest moderator, Abdur-Rahmaan Janhangeer. Now with 6 moderators, 3 of which are able visit on almost daily basis, I'm starting to feel like the system is really able to meet its potential.
(Fyi Everyone, JAKE is now Panda.)
I'd also like to discuss a moderation issue regarding PDFs. There was a recent image, I think it was the map of Europe, uploaded as a PDF. One comment which was posted, along with a vote to delete, was "pdf can contain viruses or get your ip on opening".
While I understand that potentially can happen, PDF is an acceptable format for uploaded resources (whether image or text) in the gallery. So we can't delete them only because they are PDFs.
However, since their contents are not displayed, we must open them, to find out if they meet the CoC guidlines. What would be the best way to get a look at the contents, without risking our personal privacy and/or security?
I'm thinking we should download and run our local security scans, before opening. (Or I suppose there are some free online scanners. Don't have any links right offhand though.) Does anyone know of a better, possibly less time consuming (and memory eating) way to get a safe look at the contents?
All best, brynn
It's possible to convert a pdf to an image on the webserver to aid with the problem. Wouldn't be a completely proof solution, but would help.
If this seems like it would be urgently need, I can spend some time on it.
Best Regards, Martin Owens
On Wed, 2018-03-07 at 18:30 -0700, brynn wrote:
Hi Fellow Moderators! Welcome to our newest moderator, Abdur-Rahmaan Janhangeer. Now with 6 moderators, 3 of which are able visit on almost daily basis, I'm starting to feel like the system is really able to meet its potential.
(Fyi Everyone, JAKE is now Panda.)
I'd also like to discuss a moderation issue regarding PDFs. There was a recent image, I think it was the map of Europe, uploaded as a PDF. One comment which was posted, along with a vote to delete, was "pdf can contain viruses or get your ip on opening".
While I understand that potentially can happen, PDF is an acceptable format for uploaded resources (whether image or text) in the gallery. So we can't delete them only because they are PDFs.
However, since their contents are not displayed, we must open them, to find out if they meet the CoC guidlines. What would be the best way to get a look at the contents, without risking our personal privacy and/or security?
I'm thinking we should download and run our local security scans, before opening. (Or I suppose there are some free online scanners. Don't have any links right offhand though.) Does anyone know of a better, possibly less time consuming (and memory eating) way to get a safe look at the contents?
All best, brynn
Well, I'd say currently, PDF's are not very commonly uploaded. I wouldn't want to take a lot of your time on this, especially if it's not a perfect solution.
I'm not sure what Abdur-Rahmaan means about
though as a programmer i'm sometimes wary of pdfs, i think a system like google drive which checks before downloading might work ok (we'll check on uploading).
or a serverside check on back-end maybe if a trusted one exists.
But I guess it's something like scanning the file before it actually uploads?
I suppose it might be more convenient to copy the PDF and take to a free online scanner (rather than moderators downloading them).
Does anyone know a reliable free online malware scanner? Or other ideas? Should I copy this to the Devel list, for more comments?
I mean, for that matter, I think the same thing is true for SVGs, isn't it? They can contain scripts which could potentially be malicious, right? I wonder if there is some server side scanner which could automatically check all uploads?
brynn
-----Original Message----- From: Martin Owens Sent: Wednesday, March 07, 2018 7:18 PM To: brynn ; Inkscape-Docs Cc: Abdur-Rahmaan Janhangeer ; die humblex Subject: Re: welcome new moderator, and discuss PDFs
It's possible to convert a pdf to an image on the webserver to aid with the problem. Wouldn't be a completely proof solution, but would help.
If this seems like it would be urgently need, I can spend some time on it.
Best Regards, Martin Owens
On Wed, 2018-03-07 at 18:30 -0700, brynn wrote:
Hi Fellow Moderators! Welcome to our newest moderator, Abdur-Rahmaan Janhangeer. Now with 6 moderators, 3 of which are able visit on almost daily basis, I'm starting to feel like the system is really able to meet its potential.
(Fyi Everyone, JAKE is now Panda.) I'd also like to discuss a moderation issue regardingPDFs. There was a recent image, I think it was the map of Europe, uploaded as a PDF. One comment which was posted, along with a vote to delete, was "pdf can contain viruses or get your ip on opening".
While I understand that potentially can happen, PDF is anacceptable format for uploaded resources (whether image or text) in the gallery. So we can't delete them only because they are PDFs.
However, since their contents are not displayed, we must openthem, to find out if they meet the CoC guidlines. What would be the best way to get a look at the contents, without risking our personal privacy and/or security?
I'm thinking we should download and run our local securityscans, before opening. (Or I suppose there are some free online scanners. Don't have any links right offhand though.) Does anyone know of a better, possibly less time consuming (and memory eating) way to get a safe look at the contents?
All best, brynn
Hi Brynn,
But I guess it's something like scanning the file before it actually uploads?
This isn't at issue at the moment, but we should be aware of it for the future.
I suppose it might be more convenient to copy the PDF and take to a free online scanner (rather than moderators downloading them).
More load on the server wouldn't be good. But I am thinking of ways to protect the user, if pdfs are this small in number then we could check them all manually.
I mean, for that matter, I think the same thing is true for SVGs, isn't it? They can contain scripts which could potentially be malicious, right? I wonder if there is some server side scanner which could automatically check all uploads?
No, we don't host svg images to users like that. There's a flag that allows us to embed them IF we trust the contents. But it's only used by the admins for certain svg files that's we've checked out first.
Browsers will naturally protect users from non-embeded svg files and should be protecting users from pdf files too.
Unless we know we're getting viruses because we're checking files manually, I say we wait until we have a problem. We can always pause the quota to pause uploads while we get a solution put together when that day comes.
Best Regards, Martin Owens
Yes, I agree, they are very small in number, presently.
More load on the server wouldn't be good. But I am thinking of ways to
protect the user, if pdfs are this small in number then we could check them all manually.
No, that's what I meant -- that moderators could do it manually, as long as the numbers stay low. Maybe someday, we have some server side scan.
But for now, is there any way to check PDFs, without having to download them?
Ok, I found this: https://virusdesk.kaspersky.com/ I've heard of kapersky forever. So you just copy the link to the PDF, and paste it in the field. (Or there's a drag and drop option.) Then just click Scan button. If it's says "safe", then it will be safe to open with your PDF viewer, to see what's in there.
Any reason not to use that?
Thanks, brynn
-----Original Message----- From: Martin Owens Sent: Saturday, March 10, 2018 3:53 PM To: brynn ; Inkscape-Docs Cc: Abdur-Rahmaan Janhangeer ; die humblex Subject: Re: welcome new moderator, and discuss PDFs
Hi Brynn,
But I guess it's something like scanning the file before it actually uploads?
This isn't at issue at the moment, but we should be aware of it for the future.
I suppose it might be more convenient to copy the PDF and take to a free online scanner (rather than moderators downloading them).
More load on the server wouldn't be good. But I am thinking of ways to protect the user, if pdfs are this small in number then we could check them all manually.
I mean, for that matter, I think the same thing is true for SVGs, isn't it? They can contain scripts which could potentially be malicious, right? I wonder if there is some server side scanner which could automatically check all uploads?
No, we don't host svg images to users like that. There's a flag that allows us to embed them IF we trust the contents. But it's only used by the admins for certain svg files that's we've checked out first.
Browsers will naturally protect users from non-embeded svg files and should be protecting users from pdf files too.
Unless we know we're getting viruses because we're checking files manually, I say we wait until we have a problem. We can always pause the quota to pause uploads while we get a solution put together when that day comes.
Best Regards, Martin Owens
though as a programmer i'm sometimes wary of pdfs, i think a system like google drive which checks before downloading might work ok (we'll check on uploading).
or a serverside check on back-end maybe if a trusted one exists.
https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail Garanti sans virus. www.avast.com https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
On Thu, Mar 8, 2018 at 5:30 AM, brynn <brynn@...78...> wrote:
Hi Fellow Moderators! Welcome to our newest moderator, Abdur-Rahmaan Janhangeer. Now with 6 moderators, 3 of which are able visit on almost daily basis, I'm starting to feel like the system is really able to meet its potential.
(Fyi Everyone, JAKE is now Panda.) I'd also like to discuss a moderation issue regarding PDFs. Therewas a recent image, I think it was the map of Europe, uploaded as a PDF. One comment which was posted, along with a vote to delete, was "pdf can contain viruses or get your ip on opening".
While I understand that potentially can happen, PDF is anacceptable format for uploaded resources (whether image or text) in the gallery. So we can't delete them only because they are PDFs.
However, since their contents are not displayed, we must open them,to find out if they meet the CoC guidlines. What would be the best way to get a look at the contents, without risking our personal privacy and/or security?
I'm thinking we should download and run our local security scans,before opening. (Or I suppose there are some free online scanners. Don't have any links right offhand though.) Does anyone know of a better, possibly less time consuming (and memory eating) way to get a safe look at the contents?
All best, brynn
yes, as it is not common, spending time on it is not that urgent.
Abdur-Rahmaan Janhangeer https://github.com/abdur-rahmaanj/
On Thu, 8 Mar 2018, 05:30 brynn, <brynn@...78...> wrote:
Hi Fellow Moderators! Welcome to our newest moderator, Abdur-Rahmaan Janhangeer. Now with 6 moderators, 3 of which are able visit on almost daily basis, I'm starting to feel like the system is really able to meet its potential.
(Fyi Everyone, JAKE is now Panda.) I'd also like to discuss a moderation issue regarding PDFs. Therewas a recent image, I think it was the map of Europe, uploaded as a PDF. One comment which was posted, along with a vote to delete, was "pdf can contain viruses or get your ip on opening".
While I understand that potentially can happen, PDF is anacceptable format for uploaded resources (whether image or text) in the gallery. So we can't delete them only because they are PDFs.
However, since their contents are not displayed, we must openthem, to find out if they meet the CoC guidlines. What would be the best way to get a look at the contents, without risking our personal privacy and/or security?
I'm thinking we should download and run our local security scans,before opening. (Or I suppose there are some free online scanners. Don't have any links right offhand though.) Does anyone know of a better, possibly less time consuming (and memory eating) way to get a safe look at the contents?
All best, brynn
participants (3)
-
Abdur-Rahmaan Janhangeer -
brynn -
Martin Owens